13 matches found
EUVD-2008-1222
Malware in sbrugna...
EUVD-2008-1223
Malware in sbrugna...
CVE-2008-7158
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 transcriptFile parameter to MRcgi/MRchat.pl or 2 LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party...
CVE-2008-7158
Numara FootPrints versions 7.5a–8.0a are affected by a remote command execution vulnerability due to unsanitized shell metacharacters in the transcriptFile parameter to MRcgi/MRchat.pl or the LOADFILE parameter to MRcgi/MRABLoad2.pl. The underlying issue enables arbitrary command execution with a...
CVE-2008-7158
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 transcriptFile parameter to MRcgi/MRchat.pl or 2 LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party...
Cross site scripting
Cross-site scripting XSS vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-1213
Cross-site scripting XSS vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-1214
MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1213
Cross-site scripting XSS vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-1213
CVE-2008-1213 describes a cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1. An attacker can inject arbitrary web script or HTML via the Title field when setting an appointment. Root cause: input in the Title form is not properly sanitized. Impact is indicated as I:P (pa...
CVE-2008-1214
CVE-2008-1214 affects Numara FootPrints 8.1 on Linux, where MRcgi/MRProcessIncomingForms.pl is vulnerable to remote code execution via shell metacharacters in the PROJECTNUM parameter. The description notes that provenance is unknown and details are from third party information; no exploit specif...
CVE-2008-1214
MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Numara FootPrints MRchat.pl及MRABLoad2.pl多个远程命令执行漏洞
BUGTRAQ ID: 27373 Numara FootPrints是一款资产管理系统。 Numara FootPrints的多个脚本实现上存在输入验证漏洞,远程攻击者可能利用此漏洞控制服务器。 Numara FootPrints的/MRcgi/MRchat.pl文件中没有正确地验证对transcriptFile参数的输入,/MRcgi/MRABLoad2.pl文件中没有正确地验证对LOADFILE参数的输入,便将这些参数用到了open调用中,这可能允许攻击者通过“|”字符注入并执行任意命令。 Numara FootPrints 8.0 Numara FootPrints 7.5a1...